After the 1995 Oklahoma City bombing, the government realized it had a problem. There were no minimum security standards or an inspection regime for the thousands of federal facilities sprawled across the country. So it developed a plan, accelerated after 9/11, to test federal buildings and other sites for potential vulnerabilities. To carry out the tests, the government deployed a web-enabled software program that cost millions and failed to work. Now the program’s replacement may be even worse.​